On Friday 04 December 2009 02:09:35 pm Panagiotis Atmatzidis wrote:
> Hello,
>
> I'm a total newbe. I'm trying to figure out how to grab a specific Xth
> character from a .log and put it into an array.
>
> So far, I've got to this code snippet:
>
> ------------
> # encoding: utf-8
> class ReadIPs
> def initialize
> @read_ips = []
> end
>
> def get_ips(filename)
> ips = [] # make a list of ip addressses
> File.foreach(filename) do |line|
> puts "#{line}" if line =~ /Ban/
> end
> end
> end
>
> ipadds = ReadIPs.new
> a = ipadds.get_ips("fail2ban.log")
> --------------
>
>
> The output though parses lines the following:
>
> 2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban
> 203.169.139.171
>
>
> Now, I'd like to isolate the IP and put it into an Array.
It looks as though you've gotten that started...
> def initialize
> @read_ips = []
> end
But you never seem to use this array.
> def get_ips(filename)
> ips = [] # make a list of ip addressses
> File.foreach(filename) do |line|
> puts "#{line}" if line =~ /Ban/
> end
> end
You never seem to use this array, either. You could do something like this:
def get_ips(filename)
File.open filename do |file|
file.each_line.select{|line| line =~ /Ban/}
end
end
That will at least return an array of lines containing Ban. But you already
know what each line looks like. Here's another way, that looks kind of like
what you started:
def get_ips(filename)
ips = []
File.open filename do |file|
file.each_line do |line|
if line =~ /Ban\s+(\S+)$/
ips << $1.chomp
end
end
end
ips
end
> I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk
> -F "Ban" '{print $2}'"
You could probably figure out a way to do this in Ruby, and it probably
wouldn't be too much worse than the awk version, but if you really want to do
it that way, try backticks. If this is the output you're expecting:
> 60.12.200.xx
> 193.193.221.xx
> 85.72.xx.xx
> 124.207.xx.xx
you could probably get away with:
ips = `grep Ban fail2ban.log | awk -F "BAN" '{print $2}'`.each_line.to_a
By the way, all of this is giving you ips as strings. If you're wanting to
actually manipulate the ips at all, I'd suggest looking at IPAddr. (You
probably don't, but just in case...)